How manufacturers can reduce cyber risk - being prepared for cyber attacks
Manufacturers need to be careful of unwanted attention
Cyber Attacks are Growing in the Manufacturing Industry
In 2017, there were two major cyber attacks: WannaCry in May and Petya in June. These attacks caused significant damage in a lot of countries and in major organizations. It has happened multiple times since and it could happen again. The World Economic Forum’s (WEF) Global Risks Reports pointed to cyber risk as the third most likely cause of damage to businesses this year.
Currently, around 8.4 billion devices are connected to the internet. And the number is growing as we speak. By 2020, it’s expected to reach 20 billion.
Every day, there are more and more opportunities for individuals with malicious intent to gain access to systems and networks.
Every device connected to the internet can help hackers gain access to your business.
Nearly 35% of the overall usage of the Industrial Internet of Things until 2025 is from the manufacturing industry. Manufacturers need to be aware of the threats and how to recover if an attack happens.
If your customers doubt your ability to run efficient operations, you’ll lose their trust. You need to have a plan to manage a crisis.
What Damages Result from Cyber Attacks?
Cyber attacks can cause physical damage, non-physical damage, or both. An attack can be focused on:
- Data, like stealing intellectual property (unique processes or trade secrets).
- Creating physical damage by making machines malfunction or halt completely, for example make a boiler overheat and explode.
Either one can have a major impact on the business.
The average cost of a successful cyber attack in the manufacturing industry is about $5 million USD.
Technology, people, and processes are the main components of a business. If one falters, the rest can’t perform.
Human error often stands out as the reason for a successful cyber attack - an employee clicking a link on an email is all it takes.
Unfortunately, even in today’s digital driven world, not every employee knows the risk of opening emails from unknown sources.
Luckily, there is a lot you can do to take back control of the situation. Firstly, don’t assume all your employees know about the latest technologies in the workplace. Also, spend time giving them the knowledge about technology and helping them understand threats. So, you need to start with your employees today and make sure everyone knows about the latest security risks.
How to Reduce the Risk of an Attack
To reduce risk and recover quickly after an attack, you have to build resilience in your organization. It’s a way of improving awareness of the whole business and making sure vulnerabilities are taken care of. This will allow you to recover quickly and minimize:
- Revenue loss
- Loss of your reputation
Cyber risks evolve so fast that it’s almost impossible to protect yourself from every single threat. So resilience is your greatest ally.
You can reduce cyber risk in your company by:
- Training employees - help them avoid phishing and other email-based attacks
- Equipment - all internet connected devices must be updated with the latest security features and patches
- Review your facilities - check your security systems to make sure no unauthorized individuals can get access
- Back-ups - create back-ups of valuable data and keep them off-site
- Manual overrides - make sure your machinery can be deactivated manually before causing damage
- Business plan - make a business continuity plan explaining how to respond after an attack
Technology is Your Biggest Asset and Weakness
Over the years, digital technology has been playing a more important role in manufacturing processes. Now, the manufacturing industry is one of the most advanced in the world because of it. Robotics and sensor technology are common. They allow insights in real time and are heavily relied on. Unfortunately, these advanced systems also have drawbacks. Increased automation, complex supply chains, and data-rich production cycles make the industry vulnerable to cyber attacks.
By the end of 2018, there’ll be 1.3 million robots in factories worldwide. They help with operational efficiencies but they open up many security risks. Various sensors pour data into systems to give a real-time view of operations. Leaders can monitor data flowing between machines, people, and devices. But, automation is a risk. You have to evaluate the robustness of the core technology. The IT teams need to have back-ups of their data and have action plans in place to keep up with production and recover data.
A major problem is malware. This is deployed once a device is compromised which enables hackers to gain control through only one device connected to the network.
Robots are very useful. But you have to ensure they are secured.
If a hacker manages to access the software, it could shut-down your operations completely. Possible problems range from an industrial robotic arm malfunctioning to gaining access to the business’s security networks. The costs can be unimaginable. For example, a stoppage in a car manufacturing plant can cost £10,000 per minute. In one of the major attacks - by using NotPetya ransomware - incurred costs were estimated at $1.2Bn.
While 67% of IT Decision Makers are confident they’re prepared for a cyber attack, the headlines tell a different story. The industry is in danger of becoming complacent.
Investments in manufacturing are focused on cost reduction and safety issues while leaving security behind. It’s important to match the investment for security, as risks increase with the new technologies.
In summary, you need to build resilience to avoid being an easy target. And don’t let security take the back seat. Invest as much as you do with cost reduction and safety.
There are many ways to improve your level of security. For one thing, open source software is considered more secure than proprietary.
So, what do you need to do to have peace of mind again?